call to memcpy leads to undefined behavior

[theosotr]

Issue Summary

The call to memcpy is unsafe, as the input passed to this call is unsanitized. This can lead to undefined behavior in the following scenario where memcpy is called as follows:

memcpy(ptr, NULL, 0);

The second argument of memcpy should never be NULL.

Steps to Reproduce

1. Run the following command, to create an sqlite3 database where a BLOB column contains NULL.

#!/bin/bash

DB="test.db"

sqlite3 "$DB" <<EOF
CREATE TABLE files (id INTEGER PRIMARY KEY, data BLOB);
INSERT INTO files (data) VALUES (X'');
.headers on
.mode column
SELECT id, length(data) AS blob_length FROM files;
EOF

2. Then, build node-sqlite3 from source with UBSan enabled:
   a. export CXXFLAGS=-fsanitize=undefined
   b. export CFLAGS=-fsanitize=undefined
   c. export LDFLAGS=-fsanitize=undefined
   d. npm install --build-from-source

3. Write trigger.js, the JavaScript program that triggers the undefined behavior:

const sqlite3 = require('sqlite3`);
const db = new sqlite3.Database('test.db');

db.get("SELECT data FROM files LIMIT 1", (err, row) => {
  if (err) {
    console.error("Query error:", err);
    return;
  }

  const blob = row.data;
  console.log("Raw blob value:", blob);
  console.log("Type:", typeof blob);

  if (Buffer.isBuffer(blob)) {
    console.log("Length of blob:", blob.length);
    console.log("Hex dump:", blob.toString('hex'));
  } else if (blob === null) {
    console.log("Value is NULL");
  }

  db.close();
});

4. Run with node trigger.js
   Output:

$> node trigger.js
../src/statement.h:60:19: runtime error: null pointer passed as argument 2, which is declared to never be null

Version

master

Node.js Version

22.14.0

How did you install the library?

Install from source

[kewde]

@theosotr thank you for reporting this issue, I believe that #1832 should fix this.

[theosotr]

Thanks for the fix!